... says the guy posting on a forum during work hours.
And yet the software you are complaining about is MS Word. That is consumer software. To me, this just seems like more "MS should be held accountable for everything because I don't like them," crap.
You can have that however you have to accept a few things:
1) Costs are going to go way up. You aren't going to pay $50 or $100 for a software package, it'll be 5 or 6 figures. You'll be paying for all the additional testing, certification, and risk.
2) You won't get new stuff. Everything you use will be old tech. You'll be 5-10 years out of date because of the additional time needed to test and prove things. When a new chip or whatever comes on the market it'll be a good bit of time before it has undergone all the validation it needs to be ready for such a critical use.
3) You will not be permitted to modify anything. You will sign a contract (a real paper one) up front that will specify what you can do with the solution, and what environment it must be run in. Every component will have to be certified, all software on the system, the system itself, any systems it connects to, etc. No changes on your part will be permitted, everything will have to be regression tested and verified before any change is made.
If you are ok with that, then off you go! The way I know this is how it goes is that we have shit like this, we have critical systems out there and this is the kind of shit they go through. They are expensive, inflexible, and out of date compared to the latest mass market shit. If you look at the computers that control a fighter plane or the like you'll be amazed at how "dated" they are. Well they are that way because development took a long time and once they are developed, they continue to be used, they aren't changed often.
Now if that's not ok, if you want the free wheeling environment we have now where you can buy new tech when you like, put things together in any configuration, and run whatever you want that's cool, but accept that means problems will happen. You cannot have it both ways.
Oh and also with that critical stuff:
4) There will be no FOSS. If there's liability for losses, nobody will be willing to freely distribute their work. They aren't going to accept liability for no payment, and aren't going to accept that if their code was used by someone else they might be liable.
Turns out research shows that a non-trivial amount of happiness in your life is related to your commute. Long commutes, particularly by car, lead to less happiness.
That is another huge determining factor. The big cost is laying the infrastructure. The kind doesn't matter so much. So, if you are doing new deployments, fiber is more likely. The cable company here is all FTTH all the time for new build outs. However once that shit is deployed a replacement is a lot of money that you'd rather not spend. So they are less inclined to do it.
Well new developments also tend to not be low income. Usually middle and upper class is what they target. No surprise then that is where you see more of it.
There are plenty of rich neighbourhoods where I live with no fibre. The one right next to me is a good example. About 2 blocks away, and they have the same cable and DSL offerings I do in my cheap condo. Neither the telco nor cable company feels there's enough money to be made in ripping up and redoing the lines in either place, despite the fact that those houses are almost all 7 figures.
Go out in to a new subdivision though, and it is usually FTTH.
Also when they do rip things up and replace, of course they target the rich places since those people are more willing to spend the money. Offer someone low income the option of $100/month gigabit or $20/month 1.5mbit and they will likely go with the 1.5mbit. Ya it is way more per bit and annoyingly slow on the modern Internet, but it gets the job done and $80/month is a lot in the budget of someone low income.
I didn't say it was right, I said it was on to something.
When prosecution doesn't work as a deterrence - and it obviously doesn't in high-stakes white collar crimes - then prevention needs to be stronger.
This could very well take the form of pre-crime investigations. I'm against imprisoning someone for something they didn't (yet) do. But why is it that police have to wait until a crime has been committed before they can even begin looking?
I was in this position once. Someone tried to run a common scam on me and I went to the police so that they could catch them in flagranti. The answer pretty much was "well, no crime has been committed so far, so we can do nothing".
A bigger stress on the part where in many crimes the attempt is a crime would help out a lot, especially with corporate crime.
Which part of "charging them in a legal system that operates on the timescale of years when their personal success depends on quarterly results" wasn't clear?
Uber is actually a good example of what's going wrong with the world: They are openly criminal and it works. It's Al Capone all over again. Everyone knows what they are doing, but they're too slippery to be nailed.
Same with the tax evasion of multinational corporations, wars based on invented bullshit, election frauds done almost openly (like in Turkey), and so on.
Minority Report may have been on to something: The legal system working after the fact, and with a delay often measured in years, does not deter criminals. If you can take over a country, or become a billionaire, the threat that ten years from now they might file charges which your $1000/h lawyers will then simply drag through the courts for twenty years - well, that is not a very threatening thing especially for people trained to think primarily about next quarter.
Namely that they deliberately under-produced them so they'd be out of stock and thus seen as more desirable, and then suddenly just discontinued their production for no apparent reason.
Thanks. I like the look of those a lot. It's a good deal cheaper than a similar Netgate device (my go to since they own PFSense). Only real area it looks like it would have notably worse performance would be VPN since it lacks AES acceleration. But so long as that isn't being used it should be around the same speed as the 4 core atoms Netgate uses.
I may think about one for home. I'll probably stick with my Edgerouter Lite since those Cavium chips just get lower latency than you can get in pure software at this point, but I am a bigger fan of PFSense than EdgeOS for sure.
You have any companies that make a setup you like for it? I'm always shopping for new places to get low power/embedded type network devices.
Moving to a better router? DD-WRT isn't as updated as it should be these days and has slow performance. Modern consumer routers are fast because they use packet acceleration tech built in to their chips. DD-WRT doesn't know how to do that (at least not that I've ever seen).
So what I recommend for geek types is go to three devices: Modem -> router -> wireless. You can repurpose your existing router as a WAP, or get a purpose built WAP. Either way, you don't do routing on it. Then get a purpose built router.
My top recommendation is a Ubiquiti EdgeRouter Lite. About $100 for a little wired 3-port device that'll pass a gig of traffic with low latency since it has packet acceleration and knows how to use it. It's a bit on the complex side and you can't do all setup through the GUI (IPv6 requires commandline work) but it is powerful, and they are pretty good at updating it. Runs a customized version of VyOS and provides you with access to all the low level stuff. You can compile your own shit for it if you like (is MIPS64 though).
If that isn't to your taste my second choice is PFSense. You can run that on anything x86 but the devices they sell on their site, made by Netgate, are great choices. It's more expensive to hit a gigabit speed because it runs all in software, and that also means its latency is higher. However that said I like the interface better and it is an exceedingly powerful and flexible firewall. It's updated regularly, you can buy professional support, and since it is software you can run it on anything, including a VM. Runs BSD underneath and you can get access to the low level if you want to mess with it.
Third choice would be something like a Cisco RV340 or maybe RV320. It's the same general hardware as the EdgeRouter Lite, a Cavium Octeon processor which is MIPS64+packet processing, but with Cisco's OS whacked on. Easier to use overall, though not as flexible. Cisco tends to be ok with security updates. They use a slower CPU and less RAM so you aren't going to get a full gig, but they are pretty fast and are nice and low latency. Not too bad price wise either, like $150 for the RV320.
Oh ok, gotcha. In that case, I'd go for Private Internet Access. Their privacy rules are very good (in all cases we have to take the company's own statement on it), price is good, performance seems to be good, and it uses open standards for VPN connections. It also isn't like some where they are located in some minor island nation you've never heard of, they are in the US.
It's what I use and what my instructor at SANS recommended to someone else this week who asked the same question.
If you wanted to filter all systems through it you'd just need a router/fw that did it, again PFSense would do. It uses OpenVPN by default (can do IPSec as well) and PFSense supports that. Your internal systems talk to PFSense, have PFSense VPN to PIA and then set your routing to do 0.0.0.0 over the VPN. Make sure outbound rules are properly configured so traffic is only allowed over VPN interface and you've got an automatic, transparent, system where all systems will communicate via the VPN. You can always change rules if needed to permit direct communication.
If you don't want a network box you can set up your OSes to auto-dial PIA on start. For Windows this is best accomplished with the inbuilt IPSec VPN client, on Linux OpenVPN works nicely (though either can do both). Again you set local firewall/routing rules to prohibit traffic over the local net and require the VPN to be up. Then just treat it like dialup from the old days.
So give PIA a look, they seem to do well.
They are selling fast because there are not many on the market. I checked recently, as I'm shopping for a new car, and the closest one was 150 km away from me. And there were about 5 or 6 in the entire German-speaking area (Germany, Austria, Switzerland).
It is getting hard to work in the world with no 'net access. The governments want to use it themselves for many reasons, including just entertainment for the party elite. So, cut that off and they are brought down to the level of their citizens, and that they don't like.
Sanctions can work when they can actually affect the powerful. If you can do something that makes their life worse, that has an effect on them, then they care. This is something that has the potential to do that.
No silver bullet, but nothing is.